Maybe it's good to point that linux mint have several services loaded at boot by default. The way to turn it off this "dirty" services should be part of the answer, i.e., pulse audio server is a security risk? Cups for printers is another? A weather applet on bar should be another one? And others... Thanks again.
–
H_7Oct 22 '11 at 13:28

Ensuring you've got mechanisms in place to check for and install patches

Note that the take home message here is that security is not about what software you install - it's about how you configure and manage it.

There are additional things which are worth considering:

using fail2ban to block dodgy access (particularly for ssh)

running rkhunter (or similar) regularly)

maintaining a host based IDS such as tripwire / lids / l5

Logs are useful as a diagnostic / post-mortem tool - but from a security viewpoint they really only show you where your security is working as you expect (i.e. keeping the bad guys out). Fail2ban is a very useful tool and depends on logs - but I'm far from convinced that there's any other use for logs in preventing an attack.

I would like to add: "Restricted access to these services wherever possible using a firewall" -- restrict access to services by configuring the daemon; make it listen only on localhost, for example, if that's all you need. The firewall isn't needed, at least for that one service, then. One less point of failure.
–
laebshadeOct 21 '11 at 9:44